GPO Based on Machine possible?

[Kardon Coupé]

Dear All,

I've got a nice working GPO setup, but one of the settings hides/disabled
certain drives on a machine, but I would like this user to be able to access
another machine which has a different set up of drives, hence the GPO
doesn't work on that machine (well it does activate, but looks wrong).

Is there a way of have a GPO that is Machine Dependant, so I can have the
right drives disabled on the right machine?

Regards
Paul.

 

[Mark Heitbrink [MVP]]

Hi,

Is there a way of have a GPO that is Machine Dependant, so I can have the
right drives disabled on the right machine?

You are searching for Loopback Processing:
http://support.microsoft.com/kb/231287

Mark

 

[Kardon Coupé]

By reading that that seems to imply that the settings apply to 'Any' user
who logs onto the machine, I'm only wanting it to affect a particular user?
or am I reading that wrong?

 

[Mark Heitbrink [MVP]]

Hi,

By reading that that seems to imply that the settings apply to 'Any' user
who logs onto the machine,

Yes, in the first step, if read/apply is given to "authenticated users"

I'm only wanting it to affect a particular user?

You can filter the GPO with security settings.
Remove Auth.Users and give read/apply only to the computeraccount and the
specific user or usergroup.

Mark

 

[Kardon Coupé]

Mark,

You can filter the GPO with security settings.
Remove Auth.Users and give read/apply only to the computeraccount and the
specific user or usergroup.

I do understand what your meaning/saying, but I can't seem to achieve the
result required, when I add Machine 1 to the GPO1, it applies on the Machine
1, and doesn't Apply on Machine 2, so I created another script, and
technically reveresed my requirements, to work on Machine 2, and not on
Machine 1, but the GPO2 doesn't run..Do you think they are causing problems
with each other?

 

[Kardon Coupé]

Mark,

Just another addition to this current thread, the only way I can get GPO's
to apply is by having "Authenticated Users" in the Security tab :-(

Any other tips?

Regards
Paul

 

[Mark Heitbrink [MVP]]

Hi,

Just another addition to this current thread, the only way I can get GPO's
to apply is by having "Authenticated Users" in the Security tab :-(

Then I think, your object is not in the scope of your GPO and you are
trying to apply GPOs only to securitygroups, but mention, that
filtering by securitygroup is only an optional setting.
You object must be in the scope.

an example which doesn´t work:
- OU "My Users"
- linked GPO "settings for my users"
inside this OU is only a security group ... no object -> no efect.

The way filtering works, no matter, where the security group is stored,
the group can be placed anywhere ...
- OU "My Users"
- User1, Memberof HR
- User2, Memberof Finance
- linked GPO "settings for HR", filtered by SecGroup HR (read/apply)
- linked GPO "settings for Finance", filtered by SecGroup Finace

User1 will be in the scope of "Settings for finance" but it is filtered,
the object has not the permission to read and apply, so the only GPO that
will be taken is "settings for HR"

Mark